By Basilie NZAME, Expert in financial control and regulatory compliance. Former Auditor at DeloitteFrance, Mazars Angola & DRC
On September 30, 2025, the BCEAO officially launched the Interoperable Instant Payment System Platform, the PI-SPI. For the first time in the WAEMU area, an Orange Money customer in Senegal can send money in real time to a bank account in Mali, or to a Moov Money wallet in Ivory Coast, without friction, without delay, without human intermediary. The CEMAC had taken the lead as early as 2018 with GIMACPAY, operated by the Central African Interbank Electronic Banking Group under the impetus of the BEAC.
These two initiatives put an end to decades of closed systems: each operator built their own proprietary fortress, captured their customers, and made transfers to a competitor as expensive as possible. Mandatory interoperability breaks this rent-seeking logic. This is good news for consumers, for financial inclusion, for regional economic integration, but also for fraudsters.
The instantaneity of flows is precisely what makes them attractive to malicious actors. SIM swap allows emptying a mobile wallet before any possible freeze, with funds leaving the original ecosystem instantly to another network. “Mule accounts” fragment and launder illicit flows by crossing in a few seconds a wallet in Ivory Coast, a microfinance account in Benin, then a bank in Senegal, blurring all traceability. Fraud-as-a-service (i.e. fraud offered as a turnkey commercial service) industrializes these attacks in three components: social engineering scripts to manipulate victims by phone or SMS and extract codes and credentials from them; compromised databases, obtained during massive data leaks and then resold to test mass bank accesses; pre-configured laundering infrastructures to allow the recycling of illicit funds between multiple countries without leaving traces.
Behind these typologies looms a structural challenge that actors cannot ignore: interoperability redraws the perimeter of prudential obligations. Connecting banks subject to Basel requirements, fintechs in the process of approval, and microfinance institutions with heterogeneous regulatory maturities on a common platform creates a chain of shared responsibility whose legal contours remain insufficiently defined. Who is responsible for KYC in a multi-actor transaction? Who files a suspicious activity report when a suspicious flow crosses three different types of institutions? These questions that regulators have not yet resolved are precisely the ones that compliance officers and internal control teams must ask now.
Several levers can be activated without delay: mapping customer knowledge responsibilities by flow segment and contractualizing them with partners; recalibrating detection scenarios to cover multi-entity behaviors, a weak signal on an isolated wallet can become a strong alert when cross-referenced with inter-operator transit data; adopting a conservative declarative posture. In the absence of a clear regulator position, declaring rather than waiting for a suspicious activity report sent in error does not generate sanctions. Finally, structuring now the evidence of due diligence procedures, training, traceability of alerts to anticipate BCEAO, BEAC or COBAC controls. For actors who delay, the consequences can be severe: sanctions from supervisory authorities, loss of approval, exclusion from the common infrastructure, or disruption of international banking correspondence relationships, the latter risk being potentially fatal for the business model in a context of increasing regional integration.
This means that existing mechanisms are insufficient in the face of the magnitude of these changes. The question is no longer whether to recognize it, but to act. Financial inclusion will only fulfill its promises if control mechanisms progress at the same pace as innovation: shared governance among interconnected actors, real-time behavioral detection, contractual allocation of responsibilities in terms of customer knowledge and combating money laundering and terrorism financing, as well as harmonized declarative capacity on a regional scale.
About BASILIE NZAME
BASILIE NZAME is an expert in financial control and regulatory compliance. Big 4 Auditor (Deloitte, Mazars) in Europe and Central Africa (Congo, Angola), she then specializes in regulatory consulting for European systemic banks before joining the payments sector. Originally from Cameroon, she closely follows the dynamics of transformation of payment infrastructures in sub-Saharan Africa.
